Tiger_QAs
Contributor

Adding Threat Prevention exceptions by setting action to PREVENT to eliminate possibility of false negatives

Hello All,

I have a question regarding addition of exceptions to a Threat Prevention policy on perimeter gateways.

Background:
A few servers are running DNS queries to an external honeypot site, and not all of them are getting prevented by Anti-Bot; a few logs show "Detect" too.

I would like to write an exception on the TP policy and set the action to "Prevent". I want to try it to eliminate the possibility of any false negatives. (Refer to the attached image for the exception rule that I wanted to try.)

My question is: Is it normal to write TP exceptions and set the action to Prevent?

0 Kudos
3 Replies
Cyber_Serge
Collaborator

I think for the DNS query, if you configure DNS Trap, it will show "Detect" instead of "Prevent". So seeing "Detect" for those might be normal, depending on your setting.

0 Kudos
Tiger_QAs
Contributor

Thanks a lot for the response @Cyber_Serge 

0 Kudos
Timothy_Hall
Legend

Yes, support for TP exceptions with an action of Prevent (instead of the usual Detect or Inactive) was added in R80.10.

0 Kudos
